[RADIATOR] Password/certificate security seems next to none on Radiator server

2015-10-01 Thread Nadav Hod
I would like to discuss the issue of securing passwords and certificates on the Radiator server. From looking over the documentation and asking a member of support on the matter, it looks as if there is no option for encrypting passwords in the configuration. Moreover, it seems as if there is

Re: [RADIATOR] Password/certificate security seems next to none on Radiator server

2015-10-01 Thread Nadav Hod
a software, and my suggestions use perl and openssl to secure sensitive information. Therefore only integration is necessary without new environments. From: Nick Lowe [nick.l...@lugatech.com] Sent: Thursday, October 01, 2015 4:23 PM To: Nadav Hod Cc: radia

Re: [RADIATOR] Password/certificate security seems next to none on Radiator server

2015-10-01 Thread Nadav Hod
the TLS tunnel is protecting user credentials and it offers much better protection. Radiator also supports RADSEC, which moves RADIUS traffic over a TLS tunnel, and then you will get good protection for messages and you don't need to define shared secrets since certificates are used. Best Regards,

Re: [RADIATOR] Password/certificate security seems next to none on Radiator server

2015-10-01 Thread Nadav Hod
ski-Kasari [sam...@open.com.au] Sent: Thursday, October 01, 2015 10:49 PM To: Nadav Hod; radiator@open.com.au Subject: Re: [RADIATOR] Password/certificate security seems next to none on Radiator server Hello Nadav, On 10/01/2015 08:52 PM, Nadav Hod wrote: > And keep in mind that not just private ke

Re: [RADIATOR] Password/certificate security seems next to none on Radiator server

2015-10-02 Thread Nadav Hod
From: a.l.m.bu...@lboro.ac.uk [a.l.m.bu...@lboro.ac.uk] Sent: Friday, October 02, 2015 1:45 PM To: Nadav Hod Cc: Sami Keski-Kasari; radiator@open.com.au Subject: Re: [RADIATOR] Password/certificate security seems next to none on Radiator server Hi, > In this case the private key wasn't

Re: [RADIATOR] Password/certificate security seems next to none on Radiator server

2015-10-02 Thread Nadav Hod
_ From: radiator-boun...@open.com.au [radiator-boun...@open.com.au] on behalf of Tuure Vartiainen [varti...@open.com.au] Sent: Friday, October 02, 2015 3:11 PM To: radiator@open.com.au Subject: Re: [RADIATOR] Password/certificate security seems next to none on Radiator server Hi, > On 02 Oct 2015

Re: [RADIATOR] Password/certificate security seems next to none on Radiator server

2015-10-02 Thread Nadav Hod
erent security modules) and domain-level security. Most SMBs and enterprises already have these in place. Keeping things local is bad practice for several reasons. From: Nick Lowe [nick.l...@lugatech.com] Sent: Friday, October 02, 2015 5:52 PM To: Na

Re: [RADIATOR] Password/certificate security seems next to none on Radiator server

2015-10-06 Thread Nadav Hod
ristian Kratzer [ck-li...@cksoft.de] Sent: Saturday, October 03, 2015 4:06 PM To: Nadav Hod Cc: Tuure Vartiainen; radiator@open.com.au Subject: Re: [RADIATOR] Password/certificate security seems next to none on Radiator server Hi, On Fri, 2 Oct 2015, Nadav Hod wrote: > Hi Tuure, > >

[RADIATOR] Authenticating windows 7 workstations via PEAP/EAP-TLS

2015-10-13 Thread Nadav Hod
Hi everyone, I've used the goodies directory as a reference for authenticating via PEAP then EAP-TLS and for some reason it isn't working correctly. Using NPS the workstation authenticates well (machine-based authentication). The process gets stuck with Radiator after the certificates are excha

[RADIATOR] Suggestion: Support of TLS Session Resumption based on tickets and not just session IDs

2015-10-18 Thread Nadav Hod
Hi everyone, Session Resumption as implemented by Radiator seems to work based on Session ID (connection caching at the server). I have not seen any session ticket fields in the exchanges so I'm guessing session tickets aren't implemented, feel free to correct me. Session resumption with sessio

Re: [RADIATOR] Suggestion: Support of TLS Session Resumption based on tickets and not just session IDs

2015-10-27 Thread Nadav Hod
[radiator-boun...@open.com.au] on behalf of Heikki Vatiainen [h...@open.com.au] Sent: Monday, October 19, 2015 4:49 PM To: radiator@open.com.au Subject: Re: [RADIATOR] Suggestion: Support of TLS Session Resumption based on tickets and not just session IDs On 18.10.2015 11.07, Nadav Hod wr

Re: [RADIATOR] Suggestion: Support of TLS Session Resumption based on tickets and not just session IDs

2015-10-30 Thread Nadav Hod
I understand the concern. If OSC were to add support of session tickets to their roadmap it would likely take some time until that first version would be GA. After all they already have a form of TLS session resumption which has wide adoption, so it wouldn't likely be a priority. It is arguably

[RADIATOR] A few questions regarding MacSec

2016-04-13 Thread Nadav Hod
Hi everyone, I was hoping you can help me with a few questions regarding MacSec. 1) Is it possible to implement MacSec with compatible Cisco switches and supplicants (such as AnyConnect) using Radiator, but without Cisco ISE/ACS? Is any other software necessary? 2) Does Microsoft NPS 2008/2012

Re: [RADIATOR] A few questions regarding MacSec

2016-04-15 Thread Nadav Hod
eikki Vatiainen [h...@open.com.au] Sent: Thursday, April 14, 2016 9:52 AM To: radiator@open.com.au Subject: Re: [RADIATOR] A few questions regarding MacSec On 14.04.2016 00:54, Nadav Hod wrote: > 1) Is it possible to implement MacSec with compatible Cisco switches and > supplicants (such as

Re: [RADIATOR] A few questions regarding MacSec

2016-04-17 Thread Nadav Hod
m.au] Sent: Sunday, April 17, 2016 2:54 AM To: radiator@open.com.au Subject: Re: [RADIATOR] A few questions regarding MacSec On 16.04.2016 00:27, Nadav Hod wrote: > Does Radiator support Macsec for switch-host and switch-switch links? > The two connection types are quite different.

Re: [RADIATOR] A few questions regarding MacSec

2016-04-18 Thread Nadav Hod
: Sunday, April 17, 2016 11:47 AM To: radiator@open.com.au Subject: Re: [RADIATOR] A few questions regarding MacSec Hi, > On 17 Apr 2016, at 10:21, Nadav Hod wrote: > > Cisco use EAP-Fast for NDAC. The secure seeding device closest to the > authentication server (this is configurable) a

Re: [RADIATOR] A few questions regarding MacSec

2016-04-19 Thread Nadav Hod
@open.com.au Subject: Re: [RADIATOR] A few questions regarding MacSec On Monday, 18 April, 2016 16:27, "Nadav Hod" said: > > So Radiator supports Macsec between switches and endpoints, but not switches > to > other network devices, is that correct? > yes. BR -- Tuure Varti

[RADIATOR] Does Radiator support 802.1x-2010 (MACSEC with 802.1x)?

2016-05-17 Thread Nadav Hod
Hi everyone, Radiator supports 802.1ae according to documentation, yet I haven't found documentation regarding 802.1x-2010. Is it possible for an endpoint authenticated via 802.1x (specifically EAP-TLS) to then encrypt/authenticate via MACSEC using Radiator? Can anyone outline the process for a

Re: [RADIATOR] Does Radiator support 802.1x-2010 (MACSEC with 802.1x)?

2016-05-19 Thread Nadav Hod
witch? Is there any need for 3rd party software on the client side if I'm running Windows 7 and above? From: Alan Buxey [a.l.m.bu...@lboro.ac.uk] Sent: Wednesday, May 18, 2016 10:30 AM To: Nadav Hod; radiator@open.com.au Subject: Re: [RADIATOR] Does Radiat

[RADIATOR] Questions regarding new release and current roadmap

2016-06-07 Thread Nadav Hod
Hi everyone, 1) It's been a while since 4.16 was released, I was wondering if there is a candidate release date for the next version. 2) For those of us who won't be in London for 5G World, is there any chance of disclosing the roadmap for Radiator soon after? Thanks :)

[RADIATOR] Suggestion: Should an InfluxDB log handler be implemented, it should support batching data points

2016-06-21 Thread Nadav Hod
Hi everyone, Earlier this month the subject of performance monitoring with Grafana came up. I for one would be very happy to see this implemented in Radiator in order to have the logs stored in a consolidated manner (assuming the database supports clustering), and readable by graphing applicati

[RADIATOR] Is the Radiator NFV customizable?

2016-06-27 Thread Nadav Hod
Hi everyone, I have the impression that the VNF is much like an appliance, where the only interface the user has with the VNF is the configuration file. I was hoping the amazing Radiator team could clear up the following issues: 1) Is the operating system (CentOS if I recall correctly) fully wr

Re: [RADIATOR] Is the Radiator NFV customizable?

2016-06-29 Thread Nadav Hod
...@open.com.au] Sent: Tuesday, June 28, 2016 10:43 AM To: radiator@open.com.au Subject: Re: [RADIATOR] Is the Radiator NFV customizable? Hello, > On 27 Jun 2016, at 10:34, Nadav Hod wrote: > > I have the impression that the VNF is much like an appliance, where the only > interface the user

Re: [RADIATOR] Questions regarding new release and current roadmap

2016-06-29 Thread Nadav Hod
AM To: radiator@open.com.au Subject: Re: [RADIATOR] Questions regarding new release and current roadmap On 7.6.2016 19.56, Nadav Hod wrote: > 1) It's been awhile since 4.16 was released, I was wondering if there is > a candidate release date for the next version. If you have valid down

Re: [RADIATOR] Questions regarding new release and current roadmap

2016-06-29 Thread Nadav Hod
for the update :) From: radiator-boun...@open.com.au [radiator-boun...@open.com.au] on behalf of Heikki Vatiainen [h...@open.com.au] Sent: Wednesday, June 29, 2016 2:20 PM To: radiator@open.com.au Subject: Re: [RADIATOR] Questions regarding new release and current roadmap On 29.6.2016 1

Re: [RADIATOR] Questions regarding new release and current roadmap

2016-06-29 Thread Nadav Hod
ter. I think that allowing a 3rd party solution to manage the passwords, assuming that the API exists, could help secure credentials immensely. From: a.l.m.bu...@lboro.ac.uk [a.l.m.bu...@lboro.ac.uk] Sent: Wednesday, June 29, 2016 1:09 PM To: Nada

Re: [RADIATOR] Questions regarding new release and current roadmap

2016-06-30 Thread Nadav Hod
release and current roadmap On 29/06/2016 13:23, Nadav Hod wrote: > > > 2.5) I probably wasn't clear enough. The include command isn't what I'm > looking for since that takes blocks of configuration, not variables, and > embeds it in the current configuration.

Re: [RADIATOR] Reload configuration without restart Radiator RADIUS server

2016-08-07 Thread Nadav Hod
Hi Sami, Are non-disruptive configurations on the roadmap for the end of the year? Heikki wrote in a post from June 10th that he'll ask others to publish more information regarding the Radiator roadmap, although I haven't seen any such publications thus far. Fr

Re: [RADIATOR] Reload configuration without restart Radiator RADIUS server

2016-08-29 Thread Nadav Hod
Hello, Any word regarding non-disruptive configurations? From: Nadav Hod Sent: Sunday, August 07, 2016 7:16 PM To: Sami Keski-Kasari; radiator@open.com.au Subject: RE: [RADIATOR] Reload configuration without restart Radiator RADIUS server Hi Sami, Are non

[RADIATOR] What is the "new Radiator load balancer"?

2016-09-21 Thread Nadav Hod
Hi everyone, Looking over the Radiator 4.17 release notes, there is talk of a new loadbalancer. Any chance someone in the know can elaborate on this loadbalancer? :)

[RADIATOR] Radius and TACACS+ password obfuscation

2016-09-21 Thread Nadav Hod
Hi everyone, I read this in the Radiator 4.17 release notes: "Added initial support for encrypting and obfuscating TACACS+ keys in the configuration file. This is similar to the recently added RADIUS client shared secret obfuscation. Client and ServerTACACASPLUS now support EncryptedTACACSPLUS

Re: [RADIATOR] Radius and TACACS+ password obfuscation

2016-09-22 Thread Nadav Hod
From: radiator-boun...@open.com.au [radiator-boun...@open.com.au] on behalf of Heikki Vatiainen [h...@open.com.au] Sent: Thursday, September 22, 2016 10:01 AM To: radiator@open.com.au Subject: Re: [RADIATOR] Radius and TACACS+ password obfuscation On 21.9.2016 18.13, Nadav Hod wrote: > I